Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-44193
Publication date:
13/10/2023
<br /> An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).<br /> <br /> On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.<br /> <br /> This issue affects:<br /> <br /> Juniper Networks Junos OS on MX Series:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S7;<br /> * 21.1 versions prior to 21.1R3-S5;<br /> * 21.2 versions prior to 21.2R3-S4;<br /> * 21.3 versions prior to 21.3R3-S4;<br /> * 21.4 versions prior to 21.4R3-S3;<br /> * 22.1 versions prior to 22.1R3-S1;<br /> * 22.2 versions prior to 22.2R2-S1, 22.2R3;<br /> * 22.3 versions prior to 22.3R1-S2, 22.3R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-44194
Publication date:
13/10/2023
<br /> An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S5;<br /> * 21.1 versions prior to 21.1R3-S4;<br /> * 21.2 versions prior to 21.2R3-S4;<br /> * 21.3 versions prior to 21.3R3-S3;<br /> * 21.4 versions prior to 21.4R3-S1.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-44195
Publication date:
13/10/2023
<br /> An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.<br /> <br /> If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.<br /> <br /> CVE-2023-44196 is a prerequisite for this issue.<br /> <br /> This issue affects Juniper Networks Junos OS Evolved:<br /> <br /> <br /> <br /> * 21.3-EVO versions prior to 21.3R3-S5-EVO;<br /> * 21.4-EVO versions prior to 21.4R3-S4-EVO;<br /> * 22.1-EVO version 22.1R1-EVO and later;<br /> * 22.2-EVO version 22.2R1-EVO and later;<br /> * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;<br /> * 22.4-EVO versions prior to 22.4R3-EVO.<br /> <br /> <br /> <br /> <br /> This issue doesn&amp;#39;t not affected Junos OS Evolved versions prior to 21.3R1-EVO.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2023

CVE-2023-44196
Publication date:
13/10/2023
<br /> An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.<br /> <br /> When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.<br /> <br /> This issue affects Juniper Networks Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8-EVO;<br /> * 21.1-EVO version 21.1R1-EVO and later;<br /> * 21.2-EVO versions prior to 21.2R3-S6-EVO;<br /> * 21.3-EVO version 21.3R1-EVO and later;<br /> * 21.4-EVO versions prior to 21.4R3-S3-EVO;<br /> * 22.1-EVO versions prior to 22.1R3-S4-EVO;<br /> * 22.2-EVO versions prior to 22.2R3-S3-EVO;<br /> * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;<br /> * 22.4-EVO versions prior to 22.4R2-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-44197
Publication date:
13/10/2023
<br /> An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S2;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5.<br /> <br /> <br /> <br /> <br /> This issue affects Juniper Networks Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8-EVO;<br /> * 21.1-EVO version 21.1R1-EVO and later versions;<br /> * 21.2-EVO versions prior to 21.2R3-S2-EVO;<br /> * 21.3-EVO version 21.3R1-EVO and later versions;<br /> * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-44198
Publication date:
13/10/2023
<br /> An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.<br /> <br /> If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.<br /> <br /> This issue affects Juniper Networks Junos OS on SRX Series and MX Series:<br /> <br /> <br /> <br /> * 20.4 versions prior to 20.4R3-S5;<br /> * 21.1 versions prior to 21.1R3-S4;<br /> * 21.2 versions prior to 21.2R3-S4;<br /> * 21.3 versions prior to 21.3R3-S3;<br /> * 21.4 versions prior to 21.4R3-S2;<br /> * 22.1 versions prior to 22.1R2-S2, 22.1R3;<br /> * 22.2 versions prior to 22.2R2-S1, 22.2R3;<br /> * 22.3 versions prior to 22.3R1-S2, 22.3R2.<br /> <br /> <br /> <br /> <br /> This issue doesn&amp;#39;t not affected releases prior to 20.4R1.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-44199
Publication date:
13/10/2023
<br /> An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.<br /> <br /> This issue affects Juniper Networks Junos OS on MX Series:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S4;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S2;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3;<br /> * 22.1 versions prior to 22.1R3;<br /> * 22.2 versions prior to 22.2R1-S1, 22.2R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023

CVE-2023-44201
Publication date:
13/10/2023
<br /> An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.<br /> <br /> When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed.<br /> <br /> This issue affects:<br /> <br /> Juniper Networks Junos OS<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S4;<br /> * 21.1 versions prior to 21.1R3-S4;<br /> * 21.2 versions prior to 21.2R3-S2;<br /> * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1;<br /> * 21.4 versions prior to 21.4R2-S1, 21.4R3.<br /> <br /> <br /> <br /> <br /> Juniper Networks Junos OS Evolved<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S4-EVO;<br /> * 21.1 versions prior to 21.1R3-S2-EVO;<br /> * 21.2 versions prior to 21.2R3-S2-EVO;<br /> * 21.3 versions prior to 21.3R3-S1-EVO;<br /> * 21.4 versions prior to 21.4R2-S2-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-44203
Publication date:
13/10/2023
<br /> An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS).<br /> <br /> When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood.<br /> <br /> This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only.<br /> <br /> This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S5;<br /> * 21.1 versions prior to 21.1R3-S4;<br /> * 21.2 versions prior to 21.2R3-S3;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S2;<br /> * 22.1 versions prior to 22.1R3;<br /> * 22.2 versions prior to 22.2R3;<br /> * 22.3 versions prior to 22.3R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-44176
Publication date:
13/10/2023
<br /> A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.<br /> <br /> Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.3 versions prior to 22.3R3;<br /> * 22.4 versions prior to 22.4R3.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023

CVE-2023-44177
Publication date:
13/10/2023
<br /> A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.<br /> <br /> Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 19.1R3-S10;<br /> * 19.2 versions prior to 19.2R3-S7;<br /> * 19.3 versions prior to 19.3R3-S8;<br /> * 19.4 versions prior to 19.4R3-S12;<br /> * 20.2 versions prior to 20.2R3-S8;<br /> * 20.4 versions prior to 20.4R3-S8;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.2 versions prior to 22.2R3-S1;<br /> * 22.3 versions prior to 22.3R3;<br /> * 22.4 versions prior to 22.4R2.<br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8-EVO;<br /> * 21.2 versions prior to 21.2R3-S6-EVO;<br /> * 21.3 versions prior to 21.3R3-S5-EVO;<br /> * 21.4 versions prior to 21.4R3-S4-EVO;<br /> * 22.1 versions prior to 22.1R3-S3-EVO;<br /> * 22.2 versions prior to 22.2R3-S1-EVO;<br /> * 22.3 versions prior to 22.3R3-EVO;<br /> * 22.4 versions prior to 22.4R2-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-44178
Publication date:
13/10/2023
<br /> A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.<br /> <br /> Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS<br /> <br /> <br /> <br /> * All versions prior to 19.1R3-S10;<br /> * 19.2 versions prior to 19.2R3-S7;<br /> * 19.3 versions prior to 19.3R3-S8;<br /> * 19.4 versions prior to 19.4R3-S12;<br /> * 20.2 versions prior to 20.2R3-S8;<br /> * 20.4 versions prior to 20.4R3-S8;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S5;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.2 versions prior to 22.2R3-S2;<br /> * 22.3 versions prior to 22.3R3-S1;<br /> * 22.4 versions prior to 22.4R2-S1;<br /> * 23.2 versions prior to 23.2R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023
Subscribe to Vulnerabilities